House Price - 房价

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed house-price lookup tool that fetches public Fangjia pages and can optionally write a chart file, with no evidence of hidden persistence, credential use, or destructive behavior.

Install if you are comfortable with a Python script making outbound requests to Fangjia and optionally writing an HTML chart when requested. Prefer city slugs or Fangjia URLs, avoid arbitrary `--url` values, and choose chart output paths carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger description includes broad catch-all phrasing such as handling '类似城市房价问题时' and '给个查房价链接', which can overlap with ordinary conversation and cause unintended invocation. Because this skill can initiate web requests and optionally write files through `get.py`, accidental triggering increases the risk of unnecessary external access and tool execution in contexts the user did not intend.

VirusTotal

64/64 vendors flagged this skill as clean.
